Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In September 2018
CVE-2018-16651
The admin backend in phpMyFAQ before 2.9.11 allows CSV injection in reports.
CVSS Score
7.2
EPSS Score
0.009
Published
2018-09-07
CVE-2018-16653
rejucms 2.1 has XSS via the ucenter/cms_user_add.php u_name parameter.
CVSS Score
6.1
EPSS Score
0.002
Published
2018-09-07
CVE-2018-16654
Zurmo 3.2.4 Stable allows XSS via app/index.php/accounts/default/details?id=2&kanbanBoard=1&openToTaskId=1.
CVSS Score
6.1
EPSS Score
0.002
Published
2018-09-07
CVE-2018-16655
Gxlcms 1.0 has XSS via the PATH_INFO to gx/lib/ThinkPHP/Tpl/ThinkException.tpl.php.
CVSS Score
6.1
EPSS Score
0.002
Published
2018-09-07
CVE-2018-6320
A vulnerability has been discovered in login.cgi in Pulse Secure Pulse Connect Secure (PCS) 8.1RX before 8.1R12 and 8.3RX before 8.3R2 and Pulse Policy Secure (PPS) 5.2RX before 5.2R9 and 5.4RX before 5.4R2 wherein an http(s) Host header received from the browser is trusted without validation.
CVSS Score
9.8
EPSS Score
0.052
Published
2018-09-06
CVE-2018-16261
In Pulse Secure Pulse Desktop Client 5.3RX before 5.3R5 and 9.0R1, there is a Privilege Escalation Vulnerability with Dynamic Certificate Trust.
CVSS Score
6.8
EPSS Score
0.0
Published
2018-09-06
CVE-2018-16285
The UserPro plugin through 4.9.23 for WordPress allows XSS via the shortcode parameter in a userpro_shortcode_template action to wp-admin/admin-ajax.php.
CVSS Score
6.1
EPSS Score
0.016
Published
2018-09-06
CVE-2018-16310
Technicolor TG588V V2 devices allow remote attackers to cause a denial of service (networking outage) via a flood of random MAC addresses, as demonstrated by macof. NOTE: this might overlap CVE-2018-15852 and CVE-2018-15907. NOTE: Technicolor denies that the described behavior is a vulnerability and states that Wi-Fi traffic is slowed or stopped only while the devices are exposed to a MAC flooding attack. This has been confirmed through testing against official up-to-date versions
CVSS Score
6.5
EPSS Score
0.003
Published
2018-09-06
CVE-2018-16517
asm/labels.c in Netwide Assembler (NASM) is prone to NULL Pointer Dereference, which allows the attacker to cause a denial of service via a crafted file.
CVSS Score
5.5
EPSS Score
0.015
Published
2018-09-06
CVE-2018-16590
FURUNO FELCOM 250 and 500 devices use only client-side JavaScript in login.js for authentication.
CVSS Score
9.8
EPSS Score
0.007
Published
2018-09-06


Products
Pricing
Contact Us

Shodan ® - All rights reserved